mercurial-server: comparison src/do-refresh-auth

equal deleted inserted replaced

-:582808b47653
+:5d81ec164e5d
 # WARNING
 import sys
 import os
 import os.path
+import pwd
 import subprocess
-from mercurialserver import ruleset
+from mercurialserver import ruleset, paths
-if len(sys.argv) <= 3:
+if len(sys.argv) != 1:
-sys.stderr.write("refresh-auth: wrong number of arguments (%s)\n" % sys.argv)
+sys.stderr.write("refresh-auth: must be called with no arguments (%s)\n" % sys.argv)
 sys.exit(-1)
-akeyfile = sys.argv[1]
+pentry = pwd.getpwuid(os.geteuid())
-wrappercommand = sys.argv[2]
+if pentry.pw_name != "hg":
+# FIXME: re-execute
+print >>sys.stderr, "Must be run as the 'hg' user"
+akeyfile = pentry.pw_dir + "/.ssh/authorized_keys"
+wrappercommand = paths.getEtcPath() + "/hg-ssh-wrapper"
+keydirs = [paths.getEtcPath() + "/keys", pentry.pw_dir + "/repos/hgadmin/keys"]
 prefix='no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command='
 if os.path.exists(akeyfile):
 f = open(akeyfile)
 try:
 raise Exception("Safety check failed, delete %s to continue" % akeyfile)
 finally:
 f.close()
 akeys = open(akeyfile + "_new", "w")
-for keyroot in sys.argv[3:]:
+for keyroot in keydirs:
 kr = keyroot + "/"
 #print "Processing keyroot", keyroot
 for root, dirs, files in os.walk(keyroot):
 for fn in files:
 ffn = os.path.join(root, fn)